SSPI logon gives handle to existing logon session
- From: ixe13 <ixe013@xxxxxxxxx>
- Date: Wed, 11 Jul 2007 21:02:08 -0700
Hello,
I have a problem with code that does a SSPI logon. I was able to
reproduce the problem using Keith Brown's sspi_workbench utility. Here
is what I observe :
I do the InitializeSecurityContext / AcceptSecurityContext dance on a
single machine (only tested with XP SP2 for now). The "client" end of
it uses the credientials from the current session, i.e. I send a NULL
for LUID parameter of AcquireCredentialsHandle. The "server" end uses
a administrator username and password, but I can use anything else and
I still get this problem :
When the authentication is completed, the server impersonates the
client, but the token I get refers to the same "client" logon session
I started with. I want a new logon session to be created.
If the client side uses a username password, a new logon session is
created.
Does anybody know why it works like that ? Is there a trick or
combination of flags that would allow me to force the creation of a
new logon session even when I am using the credentials from the
current session ?
.
- Prev by Date: Re: Does anyone back up Certificates?
- Next by Date: CreatePkcs10 function for certEnroll
- Previous by thread: How to access share using specific credentials?
- Next by thread: CreatePkcs10 function for certEnroll
- Index(es):
Relevant Pages
|
